In a conference system, security measures may be employed to prevent unauthorized access to a conference session facilitated by conference system. Such security measures may comprise authentication mechanisms such as requiring users to provide user names and passwords, digital certificates, or other credentials. Network-security threats, however, are growing in sophistication and can potentially overcome these measures using, for example, phishing schemes. As a result, conference-system designers face technical challenges to developing security measures to prevent unauthorized access to their conference systems. Some of these technical challenges arise due to current conference systems having architectures unable to leverage currently deployed information-technology (IT) and security resources (e.g., hardware) when performing authentication tasks. Therefore, there is a need for a conference-system architecture and authentication mechanism capable of using existing IT and security resources to prevent unauthorized system use.